Skip to content

release: promote dev to main#647

Merged
djm81 merged 550 commits into
mainfrom
dev
Jul 14, 2026
Merged

release: promote dev to main#647
djm81 merged 550 commits into
mainfrom
dev

Conversation

@djm81

@djm81 djm81 commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary

Validation

  • GitHub PR checks run against the current dev head.

djm81 and others added 30 commits March 22, 2026 23:56
* fix: continue code review remediation and align module signing

* fix: complete code-review-zero-findings dogfood remediation (v0.42.3)

Eliminates full-scope code review findings (types, Radon CC, contracts, lint) and records OpenSpec change code-review-zero-findings with tests and CHANGELOG. Module manifests may need re-signing before merge per project policy.

Made-with: Cursor

* chore: re-sign bundled modules after content changes

* fix: resolve review follow-up regressions

* fix: run ci smart-test directly

* fix: restore ci test progress output

* fix: stabilize command audit ci test

---------

Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
* docs: restructure core site IA from 5 flat sections to 6 progressive sections

Restructure docs.specfact.io from a flat 5-section sidebar to a 6-section
progressive navigation: Getting Started, Core CLI, Module System, Architecture,
Reference, Migration.

- Create docs/core-cli/, docs/module-system/, docs/migration/ directories
- Move 12 files to correct new sections with jekyll-redirect-from entries
- Write 3 new CLI reference pages: init.md, module.md, upgrade.md
- Replace first-steps.md with focused 5-minute quickstart
- Rewrite index.md as portal landing with core vs modules delineation
- Rewrite getting-started/README.md to link module tutorials to modules site
- Update sidebar navigation in _layouts/default.html
- Delete 6 obsolete files (competitive-analysis, ux-features, common-tasks,
  workflows, testing-terminal-output, guides/README)
- Add documentation-alignment delta spec for core-only focus policy

Implements: #438
OpenSpec: docs-05-core-site-ia-restructure

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* docs: fix broken internal links after IA restructure

Update all relative links across 40 files to point to new file locations:
- ../reference/architecture.md → ../architecture/overview.md
- ../reference/debug-logging.md → ../core-cli/debug-logging.md
- ../reference/modes.md → ../core-cli/modes.md
- guides/ sibling links → ../module-system/ or ../migration/
- module-system/ back-links → ../guides/
- Remove links to deleted files (common-tasks, workflows)
- first-steps.md → quickstart.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: update test path for moved bootstrap-checklist and fix remaining broken links

- Update test_module_bootstrap_checklist_uses_current_bundle_ids to use
  new path docs/module-system/bootstrap-checklist.md
- Fix 2 remaining command-chains.md anchor links in migration-guide.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: harden cross-platform runtime and IDE resource discovery

* fix: bump patch version to 0.42.4

* fix: restore init lifecycle compatibility

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
…445)

* feat(init): IDE prompt source catalog, --prompts, namespaced exports

Implement init-ide-prompt-source-selection: discover core + module prompts,
default export all sources, interactive multi-select, non-interactive --prompts,
source-namespaced IDE paths. Fix project module roots to use metadata source
project. Extend discovery roots with user/marketplace. Update startup_checks
for nested exports. Bump init module to 0.1.14 with signed manifest.

Made-with: Cursor

* fix(init): scope VS Code prompt recommendations to exported sources

- Pass prompts_by_source into create_vscode_settings from copy_prompts_by_source_to_ide
- Strip prior .github/prompts/* recommendations on selective export to avoid stale paths
- Extract helpers for catalog paths and fallbacks; keep code review clean

Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
- Remove [Unreleased] sections; fold historical arch-08 notes under [0.34.0]
- Document init ide catalog, VS Code recommendations, integration test isolation

Made-with: Cursor
…ation strip

- Prune stale exports and unselected catalog segments in copy_prompts_by_source_to_ide
- Strip only specfact*.prompt.md under .github/prompts/ when merging VS Code settings
- Tighten e2e missing-templates assertions to match CLI output
- Add unit tests for prompt path helper and selective export behavior

Made-with: Cursor
* docs: add core vs modules URL contract and OpenSpec alignment

Document cross-site permalink rules in docs/reference, extend documentation-alignment
and module-docs-ownership specs, update docs-07 and openspec config, and note the
dependency on modules URL policy in CHANGE_ORDER.

Made-with: Cursor

* docs: convert core handoff pages to modules canonical links (docs-07)

- Replace 20 duplicate guides/tutorials with thin summaries, prerequisites,
  and links to modules.specfact.io per URL contract
- Add docs/reference/core-to-modules-handoff-urls.md mapping table
- Align OpenSpec documentation-alignment spec delta with ADDED Requirements
- Complete docs-07-core-handoff-conversion tasks checklist

Refs: #439
Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
* feat(docs-12): docs command validation and cross-site link checks

- Add check-docs-commands (Typer CliRunner prefix + --help) and exclusions for migration/illustrative pages
- Add check-cross-site-links with robust URL extraction; warn-only in docs-validate and CI while live site may lag
- Extend docs-review: Hatch env, validation steps, pytest tests/unit/docs/
- Opt-in handoff map HTTP test (SPECFACT_RUN_HANDOFF_URL_CHECK=1)
- OpenSpec deltas, TDD_EVIDENCE, tasks complete; CHANGELOG [Unreleased]

Made-with: Cursor

* fix(docs-validate): strip leading global flags before command path

- Parse --mode/--input-format/--output-format + value, then other root flags
- Add test for specfact --mode copilot import from-code …
- Fix showcase docs: hatch run contract-test-exploration (not specfact)

Made-with: Cursor

* fix(docs-12): harden link/command validators and spec wording

- Capitalize Markdown in cross-site link spec requirement
- Cross-site: redirect-only HTTP success, UTF-8 read failures, URL delimiter/trim fixes
- Docs commands: catch Typer exceptions on --help, UTF-8 read failures
- Tests: shared loader for check-cross-site-links module

Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
…ty (#451)

Default CliRunner() merges stderr into stdout; read stdout only so
accessing result.stderr does not raise when streams are combined.

Made-with: Cursor

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
…pes) (#452)

* fix: satisfy review gates for docs scripts and module_lifecycle typing

- Replace print() with Rich Console in docs validation scripts (semgrep)
- Split HTTP URL checks and doc scans to reduce cyclomatic complexity (radon)
- Add icontract require/ensure on public helpers; use CliRunner() without mix_stderr
- Cast questionary API for basedpyright reportUnknownMemberType

Made-with: Cursor

* fix(scripts): address #452 review (HTTP helpers, icontract, CLI streams)

- _http_success_code: use int directly after None guard
- _response_status: safe getcode via getattr/callable
- check-docs: drop @require preconditions duplicated by beartype
- _cli_invoke_streams_text: merge stdout + stderr for not-installed detection

Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
* feat(adapters): spec-kit v0.4.x adapter alignment — extensions, presets, hooks, version detection, 7-command presets

Update SpecKitAdapter, ToolCapabilities, BridgeConfig presets, and
SpecKitScanner for spec-kit v0.4.3 compatibility:

- ToolCapabilities: 5 new optional fields (extensions, extension_commands,
  presets, hook_events, detected_version_source)
- SpecKitScanner: scan_extensions(), scan_presets(), scan_hook_events()
  with .extensionignore support and defensive JSON parsing
- SpecKitAdapter: 3-tier version detection (CLI → heuristic → None),
  refactored get_capabilities() with reduced cyclomatic complexity
- BridgeConfig: all 3 speckit presets expanded from 2 to 7 command
  mappings (specify, plan, tasks, implement, constitution, clarify, analyze)
- 42 new tests across 4 test files (110 targeted, 2248 full suite pass)
- Docs updated: comparison matrix, journey guide, integrations overview,
  adapter development guide

Closes #453

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address CodeRabbit review findings

- Use get_bridge_logger instead of logging.getLogger in speckit adapter
  and scanner (production command path convention)
- Narrow except Exception to except OSError in _load_extensionignore
- Simplify redundant base_path conditional in get_capabilities
- Use SimpleNamespace instead of dynamic type() in tests
- Add subprocess.TimeoutExpired and OSError exception tests for CLI
  version detection
- Fix duplicate MD heading in bridge-adapter spec
- Add blank lines after markdown headings in proposal (MD022)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
djm81 and others added 12 commits July 9, 2026 06:53
* chore(openspec): reconcile foundations

* feat(validation): complete evidence trace core

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
* fix(docs): enforce module accountability

Refs #643

* fix(docs): address accountability review

* fix(docs): enforce semantic module contract

* fix(test): allow optional requirements root

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Retire the Intent Trace authoring scope (YAML block, intent-trace schema,
--import-intent flag) before implementation. OpenSpec and Spec Kit remain the
accountable authoring systems of record; SpecFact imports their native
artifacts read-only into the requirements evidence schema and adds
deterministic pass/fail gate categories (scenario-unverified, stale-import,
source-missing, ambiguous-mapping) with profile-driven severity resolved from
layered configuration.

Reprioritize Track C: openspec-01 moves to order 3, requirements-03-backlog-sync
is parked as of 2026-07-13.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Make the shipped gap explicit in the change: requirements validate hardcodes
the startup profile default and ignores profile-01 layered configuration
(resolve_profile_config, requirements_schema.required_fields). The fix ships
with openspec-01 implementation: layered-config resolution when no explicit
profile is passed, explicit flag wins, required_fields drive completeness
findings.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* feat(requirements): import upstream evidence

Fail closed on unrecognized source profiles.

Closes #350

* fix(requirements): harden import validation

Address PR #646 review annotations for fail-closed imports and context validation.

* test(requirements): reduce review fixture duplication

* fix(requirements): fail closed invalid UTF-8

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

User-visible behavior and CLI surface

  • Adds import-first requirement evidence support for native OpenSpec changes and Spec Kit features.
  • Normalizes requirements, scenarios, source locators, and SHA-256 revisions into deterministic evidence records.
  • Validation now reports structured gates for missing evidence, unverified scenarios, stale or missing sources, ambiguous mappings, and required-field issues.
  • Imports fail closed for unsupported/custom schemas, invalid configuration, template overrides, and malformed UTF-8—without emitting partial records.
  • Layered profile configuration is resolved automatically when no explicit profile is supplied; explicit profiles take precedence.
  • Future paired-module requirements import flags are documented but remain outside this core implementation.

Contract/API impact

  • Adds and publicly re-exports:
    • import_openspec_change
    • import_speckit_feature
  • Extends validate_requirement_context with optional profile resolution and project_root support.
  • Adds import-result diagnostics, deterministic identity handling, source attribution, and evidence-compatible profile field aliases.
  • Keeps upstream OpenSpec and Spec Kit directories read-only.

Testing and quality gates

  • Adds comprehensive importer and validation coverage for normalization, hashing, duplicate IDs, schema compatibility, profile layering, source resolution, stale imports, ambiguous mappings, and fail-closed behavior.
  • TDD evidence records contract, smart-test, code-review, Semgrep, and Bandit gate results.
  • CI hardening includes module verification, bundled-module snapshots, signed manifests, and freshness checks for llms.txt.

OpenSpec, documentation, and release

  • Rescopes openspec-01-intent-trace as an import-first OpenSpec/Spec Kit evidence adapter with deterministic pass/fail gates.
  • Updates requirements-context adapter documentation, OpenSpec change validation, design, proposal, tasks, and module specifications.
  • Removes the superseded Intent Trace bridge specifications and planned --import-intent workflow.
  • Updates CHANGELOG.md for versions 0.52.0–0.52.2 and bumps package versions from 0.51.2 to 0.52.2.

Walkthrough

Adds read-only OpenSpec and Spec Kit requirement importers, deterministic source attribution and IDs, fail-closed compatibility checks, layered validation profiles, import-gate diagnostics, comprehensive tests, documentation, and version 0.52.3 release metadata.

Changes

Requirements evidence import

Layer / File(s) Summary
Import contracts and delivery plan
openspec/changes/openspec-01-intent-trace/*
Reframes the change around deterministic OpenSpec and Spec Kit evidence imports, compatibility profiles, validation gates, read-only behavior, and TDD evidence.
Native source importers
src/specfact_cli/requirements/importers.py, src/specfact_cli/requirements/__init__.py
Adds OpenSpec and Spec Kit normalizers with deterministic IDs, scenario extraction, SHA-256 source revisions, compatibility diagnostics, and public exports.
Context validation and profile resolution
src/specfact_cli/requirements/context.py
Adds layered profile resolution, required-field aliases, import-gate findings, source integrity checks, project-root locator handling, and resilient optional configuration loading.
Importer and validation coverage
tests/unit/requirements/test_upstream_evidence_imports.py
Tests normalization, deterministic identities, fail-closed schemas, hashes, validation gates, source resolution, malformed configuration, and profile precedence.
Release metadata and reference updates
CHANGELOG.md, docs/reference/requirements-context-adapter.md, openspec/CHANGE_ORDER.md, pyproject.toml, setup.py, src/__init__.py, src/specfact_cli/__init__.py
Updates release notes, adapter documentation, change ordering, and package versions to 0.52.3.

Estimated code review effort: 4 (Complex) | ~45 minutes

Sequence Diagram(s)

sequenceDiagram
  participant SourceArtifact
  participant Importer
  participant Validator
  participant RequirementEvidence
  SourceArtifact->>Importer: provide OpenSpec or Spec Kit artifact
  Importer->>Importer: validate supported schema and compute hash
  Importer->>RequirementEvidence: create normalized requirement records
  RequirementEvidence->>Validator: validate evidence and source integrity
  Validator-->>RequirementEvidence: return gate findings and severity
Loading

Possibly related issues

Possibly related PRs

Suggested labels: architecture, QA, change-proposal

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is far too brief and omits most required template sections, including issue links, type of change, testing, and checklist items. Expand the description to follow the template, including issue references, change summary, contract/testing evidence, checklist, and quality gate status.
Docstring Coverage ⚠️ Warning Docstring coverage is 44.44% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the release/branch-promotion nature of the PR and is related to the merged changeset.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dev

Comment @coderabbitai help to get the list of available commands.

@djm81 djm81 self-assigned this Jul 13, 2026
@djm81 djm81 added documentation Improvements or additions to documentation enhancement New feature or request dependencies Dependency resolution and management labels Jul 13, 2026
@djm81 djm81 moved this to In Progress in SpecFact CLI Jul 13, 2026
@djm81 djm81 linked an issue Jul 13, 2026 that may be closed by this pull request
@djm81 djm81 marked this pull request as ready for review July 13, 2026 22:14
@github-actions

Copy link
Copy Markdown
Contributor

SpecFact CLI Validation Report

All validations passed!
Duration: 19.19s
Checks: 4 total (1 passed) (3 skipped)

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8570d71eb4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/specfact_cli/requirements/importers.py Outdated
Comment thread src/specfact_cli/requirements/context.py

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (4)
src/specfact_cli/requirements/context.py (1)

194-215: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

org_baseline reads the real ~/.specfact/config.yaml with no injection seam.

_resolve_requirement_profile unconditionally reads Path.home()/".specfact"/"config.yaml". None of the new tests in test_upstream_evidence_imports.py mock or monkeypatch Path.home(), so the omitted-profile resolution path (exercised by test_omitted_profile_uses_layered_configuration_and_explicit_profile_wins) is coupled to whatever ~/.specfact/config.yaml happens to exist on the machine running the suite — a source of non-hermetic, potentially flaky test behavior, and of surprising non-determinism in production runs across developer machines.

Consider making the home-config path injectable (e.g., an optional parameter defaulting to Path.home()) so tests can pin it via tmp_path, and monkeypatch it in the affected tests.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/specfact_cli/requirements/context.py` around lines 194 - 215, The
_resolve_requirement_profile function hardcodes the user home configuration
path, preventing hermetic tests. Add an optional injectable home/config root
parameter that defaults to Path.home(), use it when reading org_baseline, and
update the affected tests to provide a tmp_path-based value so omitted-profile
resolution is deterministic.
openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md (1)

93-98: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Missing explicit failing-before/passing-after transcript for the OpenSpec validate gate.

The section states a pass result and "Issues Found/Fixed: 2" but doesn't include the actual before/after openspec validate openspec-01-intent-trace --strict output. The documented change-validation pattern for this file calls for recording artifacts of the failing-before and passing-after runs alongside the exact command used.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md` around lines
93 - 98, Update the OpenSpec Validation section in CHANGE_VALIDATION.md to
include explicit artifacts for both the failing-before and passing-after runs of
the exact strict validation command. Record the relevant command output for each
run alongside the existing pass status and issue summary, following the file’s
documented change-validation pattern.

Source: Path instructions

src/specfact_cli/requirements/importers.py (1)

245-264: 📐 Maintainability & Code Quality | 🔵 Trivial

Requirement/scenario boundaries are re-derived via regex instead of via the parser's structured output.

This re-parses raw_content with ad hoc regex to slice out ### Requirement: blocks, duplicating logic already implied by OpenSpecParser.parse_change_spec_delta. If the parser already exposes structured requirement/scenario data, consolidating onto it would reduce the surface area that has to stay in sync with the compatibility-check patterns (_OPENSPEC_REQUIREMENT_PATTERN/_OPENSPEC_SCENARIO_PATTERN) defined earlier in this file.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/specfact_cli/requirements/importers.py` around lines 245 - 264, The
requirement import flow should use the structured requirements and scenarios
returned by OpenSpecParser.parse_change_spec_delta instead of re-parsing
raw_content with the local regex loop. Update the surrounding importer logic to
derive titles, summaries, IDs, and business_rules from that parser output,
reusing the parser’s existing boundary handling and the established
compatibility patterns.
openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md (1)

101-126: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Gate evidence is missing several required commands.

The documented pattern for this file calls for a gate-evidence section covering format, type-check, ruff/lint, and openspec validate --strict, in addition to test/SAST results. This section shows smart-test, contract-test, code-review, semgrep-sast(+gate), and bandit-scan, but no format/type-check/lint/openspec-validate transcript.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md` around lines 101 -
126, Update the “Final Gate Evidence” section to include transcripts for the
required format check, type check, ruff/lint check, and `openspec validate
--strict` command, alongside the existing test and security results. Preserve
the current command outcomes and document each added gate with its actual
execution result.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md`:
- Line 101: Replace the host-specific absolute worktree path in
CHANGE_VALIDATION.md with a relative path or generic placeholder, matching the
redaction format used by sibling evidence documents in the same OpenSpec change.
- Around line 59-66: Update the validation record to point to
tests/unit/requirements/test_upstream_evidence_imports.py for import
normalization, idempotency, and source-directory immutability coverage. In the
OpenSpec Validation section, include the actual failing-before and passing-after
command artifacts alongside the summary count, and redact any absolute local
worktree paths from those artifacts.

In `@src/specfact_cli/requirements/context.py`:
- Around line 164-171: Update _read_config_mapping to catch UnicodeDecodeError
while reading UTF-8 configuration files, alongside the existing OSError and
yaml.YAMLError handling, so malformed or binary files return the existing empty
mapping fallback without propagating an exception.

In `@src/specfact_cli/requirements/importers.py`:
- Around line 292-301: Update the Spec Kit requirement loop to emit a
RequirementContextDiagnostic before skipping malformed entries. In the
raw_requirements handling, diagnose non-dict values and entries with empty text
using the module’s existing bounded-diagnostic conventions and appropriate
source-missing context, while preserving valid requirement processing and the
existing diagnostic limit.

---

Nitpick comments:
In `@openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md`:
- Around line 93-98: Update the OpenSpec Validation section in
CHANGE_VALIDATION.md to include explicit artifacts for both the failing-before
and passing-after runs of the exact strict validation command. Record the
relevant command output for each run alongside the existing pass status and
issue summary, following the file’s documented change-validation pattern.

In `@openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md`:
- Around line 101-126: Update the “Final Gate Evidence” section to include
transcripts for the required format check, type check, ruff/lint check, and
`openspec validate --strict` command, alongside the existing test and security
results. Preserve the current command outcomes and document each added gate with
its actual execution result.

In `@src/specfact_cli/requirements/context.py`:
- Around line 194-215: The _resolve_requirement_profile function hardcodes the
user home configuration path, preventing hermetic tests. Add an optional
injectable home/config root parameter that defaults to Path.home(), use it when
reading org_baseline, and update the affected tests to provide a tmp_path-based
value so omitted-profile resolution is deterministic.

In `@src/specfact_cli/requirements/importers.py`:
- Around line 245-264: The requirement import flow should use the structured
requirements and scenarios returned by OpenSpecParser.parse_change_spec_delta
instead of re-parsing raw_content with the local regex loop. Update the
surrounding importer logic to derive titles, summaries, IDs, and business_rules
from that parser output, reusing the parser’s existing boundary handling and the
established compatibility patterns.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: b23f9396-b4c9-483b-b850-d18317995873

📥 Commits

Reviewing files that changed from the base of the PR and between de0a750 and 8570d71.

📒 Files selected for processing (21)
  • CHANGELOG.md
  • docs/reference/requirements-context-adapter.md
  • openspec/CHANGE_ORDER.md
  • openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md
  • openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md
  • openspec/changes/openspec-01-intent-trace/design.md
  • openspec/changes/openspec-01-intent-trace/proposal.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-bridge-adapter/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-bridge-intent-import/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-intent-trace-schema/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-speckit-evidence-adapter/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/requirements-module/spec.md
  • openspec/changes/openspec-01-intent-trace/tasks.md
  • pyproject.toml
  • setup.py
  • src/__init__.py
  • src/specfact_cli/__init__.py
  • src/specfact_cli/requirements/__init__.py
  • src/specfact_cli/requirements/context.py
  • src/specfact_cli/requirements/importers.py
  • tests/unit/requirements/test_upstream_evidence_imports.py
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • nold-ai/specfact-cli-modules (manual) → reviewed against branch dev instead of the default branch
💤 Files with no reviewable changes (3)
  • openspec/changes/openspec-01-intent-trace/specs/openspec-bridge-intent-import/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-intent-trace-schema/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-bridge-adapter/spec.md
📜 Review details
⏰ Context from checks skipped due to timeout. (4)
  • GitHub Check: Compatibility (Python 3.11)
  • GitHub Check: Tests (Python 3.12)
  • GitHub Check: Runtime Discovery Smoke (macOS)
  • GitHub Check: Tests (Python 3.12)
🧰 Additional context used
📓 Path-based instructions (17)
**/*.py

📄 CodeRabbit inference engine (.cursor/rules/python-github-rules.mdc)

**/*.py: Maintain minimum 80% test coverage, with 100% coverage for critical paths in Python code
Use clear naming and self-documenting code, preferring clear names over comments
Ensure each function/class has a single clear purpose (Single Responsibility Principle)
Extract common patterns to avoid code duplication (DRY principle)
Apply SOLID object-oriented design principles in Python code
Use type hints everywhere in Python code and enable basedpyright strict mode
Use Pydantic models for data validation and serialization in Python
Use async/await for I/O operations in Python code
Use context managers for resource management in Python
Use dataclasses for simple data containers in Python
Enforce maximum line length of 120 characters in Python code
Use 4 spaces for indentation in Python code (no tabs)
Use 2 blank lines between classes and 1 blank line between methods in Python
Organize imports in order: Standard library → Third party → Local in Python files
Use snake_case for variables and functions in Python
Use PascalCase for class names in Python
Use UPPER_SNAKE_CASE for constants in Python
Use leading underscore (_) for private methods in Python classes
Use snake_case for Python file names
Enable basedpyright strict mode with strict type checking configuration in Python
Use Google-style docstrings for functions and classes in Python
Include comprehensive exception handling with specific exception types in Python code
Use logging with structured context (extra parameters) instead of print statements
Use retry logic with tenacity decorators (@retry) for operations that might fail
Use Pydantic BaseSettings for environment-based configuration in Python
Validate user input using Pydantic validators in Python models
Use @lru_cache and Redis-based caching for expensive calculations in Python
Run code formatting with Black (120 character line length) and isort in Python
Run type checking with basedpyright on all Python files
Run linting with ruff and pylint on all Pyth...

Files:

  • src/__init__.py
  • setup.py
  • src/specfact_cli/__init__.py
  • src/specfact_cli/requirements/__init__.py
  • src/specfact_cli/requirements/importers.py
  • src/specfact_cli/requirements/context.py
  • tests/unit/requirements/test_upstream_evidence_imports.py
{src/__init__.py,pyproject.toml,setup.py}

📄 CodeRabbit inference engine (.cursor/rules/python-github-rules.mdc)

{src/__init__.py,pyproject.toml,setup.py}: Update src/init.py first as primary source of truth for package version, then pyproject.toml and setup.py
Maintain version synchronization across src/init.py, pyproject.toml, and setup.py

Files:

  • src/__init__.py
  • setup.py
  • pyproject.toml
src/**/*.py

📄 CodeRabbit inference engine (.cursor/rules/spec-fact-cli-rules.mdc)

src/**/*.py: All code changes must be followed by running the full test suite using the smart test system.
All Python files in src/ and tools/ directories must have corresponding test files in tests/ directory. If you modify src/common/logger_setup.py, you MUST have tests/unit/common/test_logger_setup.py. NO EXCEPTIONS - even small changes require tests.
All new Python runtime code files must have corresponding test files created BEFORE committing the code. NO EXCEPTIONS - no code without tests.
Test Coverage Validation: Run hatch run smart-test-unit for modified files, hatch run smart-test-folder for modified directories, and hatch run smart-test-full before committing. ALL TESTS MUST PASS.
All components must support TEST_MODE=true environment variable with test-specific behavior defined as: if os.environ.get('TEST_MODE') == 'true': # test-specific behavior
Use src/common/logger_setup.py for all logging via: from common.logger_setup import get_logger; logger = get_logger(name)
Use src/common/redis_client.py with fallback for Redis operations via: from common.redis_client import get_redis_client; redis_client = get_redis_client()
Type checking must pass with no errors using: mypy .
Test coverage must meet or exceed 80% total coverage. New code must have corresponding tests. Modified code must maintain or improve coverage. Critical paths must have 100% coverage.
Use Pydantic v2 validation for all context and data schemas.

Add/update contracts on new or modified public APIs, stateful classes and adapters using icontract decorators and beartype runtime type checks

src/**/*.py: Meaningful Naming — identifiers reveal intent; avoid abbreviations. Identifiers in src/ must use snake_case (modules/functions), PascalCase (classes), UPPER_SNAKE_CASE (constants). Avoid single-letter names outside short loop variables.
KISS — keep functions and modules small and single-purpose. Maximum function length: 120 lines (Phase A error threshold). Maximum cyclomati...

Files:

  • src/__init__.py
  • src/specfact_cli/__init__.py
  • src/specfact_cli/requirements/__init__.py
  • src/specfact_cli/requirements/importers.py
  • src/specfact_cli/requirements/context.py
@(src|tests)/**/*.py

📄 CodeRabbit inference engine (.cursor/rules/spec-fact-cli-rules.mdc)

Linting must pass with no errors using: pylint src tests

Files:

  • src/__init__.py
  • src/specfact_cli/__init__.py
  • src/specfact_cli/requirements/__init__.py
  • src/specfact_cli/requirements/importers.py
  • src/specfact_cli/requirements/context.py
  • tests/unit/requirements/test_upstream_evidence_imports.py
{pyproject.toml,setup.py,src/__init__.py}

📄 CodeRabbit inference engine (.cursor/rules/testing-and-build-guide.mdc)

Manually update version numbers in pyproject.toml, setup.py, and src/init.py when making a formal version change

Files:

  • src/__init__.py
  • setup.py
  • pyproject.toml
**/*.{py,pyi}

📄 CodeRabbit inference engine (.cursorrules)

**/*.{py,pyi}: After any code changes, follow these steps in order: (1) Apply linting and formatting to ensure code quality: hatch run format, (2) Type checking: hatch run type-check (basedpyright), (3) Contract-first approach: Run hatch run contract-test for contract validation, (4) Run full test suite: hatch test --cover -v, (5) Verify all tests pass and contracts are satisfied, (6) Fix any issues and repeat steps until all tests pass
All public APIs must have @icontract decorators and @beartype type checking
Use Pydantic models for all data structures with data validation
Only write high-value comments if at all. Avoid talking to the user through comments

Files:

  • src/__init__.py
  • setup.py
  • src/specfact_cli/__init__.py
  • src/specfact_cli/requirements/__init__.py
  • src/specfact_cli/requirements/importers.py
  • src/specfact_cli/requirements/context.py
  • tests/unit/requirements/test_upstream_evidence_imports.py
src/specfact_cli/**/*.py

⚙️ CodeRabbit configuration file

src/specfact_cli/**/*.py: Focus on modular CLI architecture: lazy module loading, registry/bootstrap patterns, and
dependency direction. Flag breaking changes to public APIs, Pydantic models, and resource
bundling. Verify @icontract + @beartype on public surfaces; prefer centralized logging
(get_bridge_logger) over print().

Files:

  • src/specfact_cli/__init__.py
  • src/specfact_cli/requirements/__init__.py
  • src/specfact_cli/requirements/importers.py
  • src/specfact_cli/requirements/context.py
pyproject.toml

📄 CodeRabbit inference engine (.cursorrules)

When updating the version in pyproject.toml, ensure it's newer than the latest PyPI version. The CI/CD pipeline will automatically publish to PyPI only if the new version is greater than the published version

Files:

  • pyproject.toml
**/*.{md,mdc}

📄 CodeRabbit inference engine (.cursor/rules/markdown-rules.mdc)

**/*.{md,mdc}: Do not use more than one consecutive blank line anywhere in the document (MD012: No Multiple Consecutive Blank Lines)
Fenced code blocks should be surrounded by blank lines (MD031: Fenced Code Blocks)
Lists should be surrounded by blank lines (MD032: Lists)
Files must end with a single empty line (MD047: Files Must End With Single Newline)
Lines should not have trailing spaces (MD009: No Trailing Spaces)
Use asterisks (**) for strong emphasis, not underscores (__) (MD050: Strong Style)
Fenced code blocks must have a language specified (MD040: Fenced Code Language)
Headers should increment by one level at a time (MD001: Header Increment)
Headers should be surrounded by blank lines (MD022: Headers Should Be Surrounded By Blank Lines)
Only one top-level header (H1) is allowed per document (MD025: Single H1 Header)
Use consistent list markers, preferring dashes (-) for unordered lists (MD004: List Style)
Nested unordered list items should be indented consistently, typically by 2 spaces (MD007: Unordered List Indentation)
Use exactly one space after the list marker (e.g., -, *, +, 1.) (MD030: Spaces After List Markers)
Use incrementing numbers for ordered lists (MD029: Ordered List Item Prefix)
Enclose bare URLs in angle brackets or format them as links (MD034: Bare URLs)
Don't use spaces immediately inside code spans (MD038: Spaces Inside Code Spans)
Use consistent indentation (usually 2 or 4 spaces) throughout markdown files
Keep line length under 120 characters in markdown files
Use reference-style links for better readability in markdown files
Use a trailing slash for directory paths in markdown files
Ensure proper escaping of special characters in markdown files

Files:

  • openspec/changes/openspec-01-intent-trace/specs/requirements-module/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-speckit-evidence-adapter/spec.md
  • openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md
  • CHANGELOG.md
  • docs/reference/requirements-context-adapter.md
  • openspec/changes/openspec-01-intent-trace/design.md
  • openspec/changes/openspec-01-intent-trace/tasks.md
  • openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md
  • openspec/changes/openspec-01-intent-trace/proposal.md
  • openspec/CHANGE_ORDER.md
**/*.md

📄 CodeRabbit inference engine (.cursorrules)

Avoid markdown linting errors (refer to markdown-rules)

Files:

  • openspec/changes/openspec-01-intent-trace/specs/requirements-module/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-speckit-evidence-adapter/spec.md
  • openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md
  • CHANGELOG.md
  • docs/reference/requirements-context-adapter.md
  • openspec/changes/openspec-01-intent-trace/design.md
  • openspec/changes/openspec-01-intent-trace/tasks.md
  • openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md
  • openspec/changes/openspec-01-intent-trace/proposal.md
  • openspec/CHANGE_ORDER.md
openspec/changes/**/*.md

📄 CodeRabbit inference engine (.cursorrules)

For /opsx:archive (Archive change): Include module signing and cleanup in final tasks. Agents MUST run openspec archive <change-id> from repo root (no manual mv under openspec/changes/archive/)

Files:

  • openspec/changes/openspec-01-intent-trace/specs/requirements-module/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-speckit-evidence-adapter/spec.md
  • openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md
  • openspec/changes/openspec-01-intent-trace/design.md
  • openspec/changes/openspec-01-intent-trace/tasks.md
  • openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md
  • openspec/changes/openspec-01-intent-trace/proposal.md
openspec/**/{proposal.md,tasks.md,design.md,spec.md}

📄 CodeRabbit inference engine (.cursor/rules/automatic-openspec-workflow.mdc)

openspec/**/{proposal.md,tasks.md,design.md,spec.md}: Apply openspec/config.yaml project context and per-artifact rules (for proposal, specs, design, tasks) when creating or updating any OpenSpec change artifact in the specfact-cli codebase
After implementation, validate the change with openspec validate <change-id> --strict; fix validation errors in proposal, specs, design, or tasks and re-validate until passing before considering the change complete

Files:

  • openspec/changes/openspec-01-intent-trace/specs/requirements-module/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-speckit-evidence-adapter/spec.md
  • openspec/changes/openspec-01-intent-trace/design.md
  • openspec/changes/openspec-01-intent-trace/tasks.md
  • openspec/changes/openspec-01-intent-trace/proposal.md
openspec/**/*.md

⚙️ CodeRabbit configuration file

openspec/**/*.md: Treat as specification source of truth: proposal/tasks/spec deltas vs. code behavior,
CHANGE_ORDER consistency, and scenario coverage. Surface drift between OpenSpec and
implementation.

Files:

  • openspec/changes/openspec-01-intent-trace/specs/requirements-module/spec.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-speckit-evidence-adapter/spec.md
  • openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md
  • openspec/changes/openspec-01-intent-trace/design.md
  • openspec/changes/openspec-01-intent-trace/tasks.md
  • openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md
  • openspec/changes/openspec-01-intent-trace/proposal.md
  • openspec/CHANGE_ORDER.md
CHANGELOG.md

📄 CodeRabbit inference engine (.cursor/rules/python-github-rules.mdc)

Include new version entries at the top of CHANGELOG.md when updating versions

Update CHANGELOG.md with all code changes as part of version control requirements.

Update CHANGELOG.md to document all significant changes under Added, Fixed, Changed, or Removed sections when making a version change

Files:

  • CHANGELOG.md
docs/**/*.md

📄 CodeRabbit inference engine (.cursor/rules/spec-fact-cli-rules.mdc)

Update architecture documentation in docs/ for architecture changes, state machine documentation for FSM modifications, interface documentation for API changes, and configuration guides for configuration changes. DO NOT create internal docs in specfact-cli repo folder that should not be visible to end users; use the respective internal repository instead.

Files:

  • docs/reference/requirements-context-adapter.md

⚙️ CodeRabbit configuration file

docs/**/*.md: User-facing accuracy: CLI examples match current behavior; preserve Jekyll front matter;
call out when README/docs index need sync.

Files:

  • docs/reference/requirements-context-adapter.md
**/test_*.py

📄 CodeRabbit inference engine (.cursor/rules/python-github-rules.mdc)

**/test_*.py: Write tests first in test-driven development (TDD) using the Red-Green-Refactor cycle
Ensure each test is independent and repeatable with no shared state between tests
Organize Python imports in tests using unittest.mock for Mock and patch
Use setup_method() for test initialization and Arrange-Act-Assert pattern in test files
Use @pytest.mark.asyncio decorator for async test functions in Python
Organize test files in structure: tests/unit/, tests/integration/, tests/e2e/ by module

Files:

  • tests/unit/requirements/test_upstream_evidence_imports.py
tests/**/*.py

📄 CodeRabbit inference engine (.cursor/rules/spec-fact-cli-rules.mdc)

Tests must be meaningful and test actual functionality, cover both success and failure cases, be independent and repeatable, and have clear, descriptive names. NO EXCEPTIONS - no placeholder or empty tests.

tests/**/*.py: Trim low-value unit tests when a contract covers the same assertion (type/shape/raises on negative checks)
Delete tests that only assert input validation, datatype/shape enforcement, or raises on negative conditions now guarded by contracts and runtime typing
Convert repeated edge-case permutations into one Hypothesis property with contracts acting as oracles

Secret redaction via LoggerSetup.redact_secrets must be covered by unit tests

Files:

  • tests/unit/requirements/test_upstream_evidence_imports.py

⚙️ CodeRabbit configuration file

tests/**/*.py: Contract-first testing: meaningful scenarios, not redundant assertions already covered by
contracts. Flag flakiness, environment coupling, and missing coverage for changed behavior.

Files:

  • tests/unit/requirements/test_upstream_evidence_imports.py
🪛 ast-grep (0.44.1)
src/specfact_cli/requirements/importers.py

[warning] 69-69: Regex pattern passed to re is built from a non-literal (variable, call, concatenation, or f-string) value. If that value is attacker-controlled it can introduce a malicious pattern with catastrophic backtracking (ReDoS). Use a hardcoded literal pattern, or validate/escape untrusted input with re.escape() and bound the regex complexity before compiling.
Context: re.search(rf"^- **{clause.upper()}**\s+(.+)$", body, re.MULTILINE | re.IGNORECASE)
Note: [CWE-1333] Inefficient Regular Expression Complexity.

(redos-non-literal-regex-python)

🔀 Multi-repo context nold-ai/specfact-cli-modules

Linked repositories findings

nold-ai/specfact-cli-modules

  • On the inspected dev ref, packages/specfact-requirements/src/specfact_requirements/requirements/runtime.py:194 calls validate_requirement_context(bundle, profile=...); it does not pass the new optional project_root. This remains compatible with the changed core signature, but relative source locators will not be resolved from the project root through this runtime path. [::nold-ai/specfact-cli-modules::]
  • The runtime currently supports only file imports: import_requirements_file_to_bundle is the sole import implementation in runtime.py, and the command references found in docs/reference/commands.generated.* expose only --from-file. No runtime consumers of import_openspec_change or import_speckit_feature were found on this ref. [::nold-ai/specfact-cli-modules::]
  • The active module proposal/spec explicitly requires future --from-openspec and --from-speckit flags and delegation to the core helpers, while openspec/changes/openspec-01-intent-trace/tasks.md:25 still lists command wiring as incomplete. Thus the core exports added by this PR have no implemented module command consumer on the inspected branch yet. [::nold-ai/specfact-cli-modules::]
  • Existing module validation tests exercise the older runtime path and profile forwarding (tests/unit/specfact_requirements/test_requirements_runtime.py:64-78), but contain no tests for native OpenSpec/Spec Kit imports or new import-gate diagnostics. [::nold-ai/specfact-cli-modules::]
🔇 Additional comments (24)
CHANGELOG.md (1)

13-18: LGTM!

Also applies to: 22-29, 33-41

docs/reference/requirements-context-adapter.md (2)

12-15: LGTM!

Also applies to: 31-34, 47-89


122-131: 🗄️ Data Integrity & Integration

Carry project_root into the paired native-import validation path.

The linked specfact_requirements runtime currently calls validate_requirement_context(bundle, profile=...) without project_root. Before exposing these documented flags, pass the resolved project root so relative locators do not produce false source-missing or stale-import findings when invoked outside the repository root.

Source: Linked repositories

openspec/CHANGE_ORDER.md (1)

85-87: LGTM!

Also applies to: 114-114, 158-163

pyproject.toml (1)

7-7: LGTM!

setup.py (1)

10-10: LGTM!

src/__init__.py (1)

6-6: LGTM!

src/specfact_cli/__init__.py (1)

79-79: LGTM!

openspec/changes/openspec-01-intent-trace/design.md (1)

1-166: LGTM!

openspec/changes/openspec-01-intent-trace/proposal.md (1)

1-132: LGTM!

openspec/changes/openspec-01-intent-trace/specs/openspec-speckit-evidence-adapter/spec.md (1)

1-136: LGTM!

openspec/changes/openspec-01-intent-trace/tasks.md (1)

1-65: LGTM!

src/specfact_cli/requirements/context.py (3)

356-356: LGTM!

Also applies to: 365-494


536-546: 🗄️ Data Integrity & Integration

Cross-repo gap: project_root isn't threaded through by the current module runtime.

Per linked-repo findings, nold-ai/specfact-cli-modules's runtime.py:194 calls validate_requirement_context(bundle, profile=...) without the new project_root argument, so this falls back to Path.cwd() here. Any imported requirement with a relative source.locator will therefore be resolved against the process's working directory rather than the actual project root when invoked through today's module runtime, risking spurious source-missing/stale-import findings.

This is expected to be resolved alongside the paired modules-repo issue (#168); flagging so it isn't lost once that runtime wiring lands.


28-47: 🎯 Functional Correctness

Drop this commentresolve_profile_config already accepts mid_size as a canonical tier, and team/api_first_team map to it through the alias table.

			> Likely an incorrect or invalid review comment.
tests/unit/requirements/test_upstream_evidence_imports.py (1)

1-429: LGTM!

openspec/changes/openspec-01-intent-trace/specs/requirements-module/spec.md (2)

63-67: 🗄️ Data Integrity & Integration

Cross-repo consumer doesn't yet exercise this scenario.

Per linked-repo findings, the module runtime calls validate_requirement_context(bundle, profile=...) without the new project_root argument, so relative source locators won't actually be resolved from the project root through that call path yet. This core scenario is correct, but worth tracking that the paired module (nold-ai/specfact-cli-modules#168) needs to pass project_root before this guarantee is observable end-to-end.

Source: Linked repositories


1-62: LGTM!

Also applies to: 68-106

openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md (1)

3-58: LGTM!

Also applies to: 68-92, 99-104

openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md (2)

104-112: 🩺 Stability & Availability

Confirm CI Quality Gates have since run clean before this promotes to main.

This records only 64% local coverage against the repo's mandated 80% CI threshold, and notes the PR Tests job failed first on an unrelated regression so the dependent Quality Gates job never executed at the time this evidence was captured. Given the PR objective is promoting dev to main, please confirm the CI pipeline has since produced a clean Quality Gates run (or that this is tracked/waived) before merge.

Source: Coding guidelines


1-100: LGTM!

src/specfact_cli/requirements/importers.py (2)

292-316: 🗄️ Data Integrity & Integration

Every requirement from a Spec Kit feature gets the identical, full scenario set.

_speckit_rules(requirement_id, content) is called with the whole spec.md content for each requirement produced by the loop, so if a feature has multiple FR-* requirements, each resulting RequirementInput will carry the same complete list of acceptance scenarios rather than any requirement-specific subset. This may be intentional (Spec Kit templates often keep acceptance scenarios feature-level, not per-FR), but as implemented it duplicates identical BusinessRule sets across multiple requirement records. Please confirm this is the intended mapping — the current single-requirement test fixture doesn't exercise a multi-FR feature to validate the behavior either way.


1-58: LGTM!

Also applies to: 86-244, 266-291

src/specfact_cli/requirements/__init__.py (1)

15-26: LGTM!

Comment thread openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md
Comment thread openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md Outdated
Comment thread src/specfact_cli/requirements/context.py
Comment thread src/specfact_cli/requirements/importers.py
@strix-security

Copy link
Copy Markdown

Strix is installed on this repository, but we couldn't run this PR security review because this workspace's trial has ended. Add a card to resume code reviews here.

@github-actions

Copy link
Copy Markdown
Contributor

SpecFact CLI Validation Report

All validations passed!
Duration: 15.14s
Checks: 4 total (1 passed) (3 skipped)

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md (1)

125-150: 📐 Maintainability & Code Quality | 🟠 Major | 🏗️ Heavy lift

Do not promote this release with an unproven quality gate.

The evidence reports 64.0% coverage, below the required 80%, and explicitly says the CI Quality Gates job did not run. It also omits the prescribed format, type-check, lint, full coverage, and strict OpenSpec validation results. Rerun the required gates and record passing artifacts before treating this change as release-ready.

As per coding guidelines, Python changes must maintain minimum 80% test coverage and run the prescribed validation sequence. As per path instructions, OpenSpec evidence must make validation status and supporting artifacts explicit.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md` around lines 125 -
150, Update the “Final Gate Evidence” section to record passing artifacts for
the required format, type-check, lint, full-coverage, and strict OpenSpec
validation gates, using the prescribed validation sequence. Replace the 64.0%
local-only and skipped CI evidence with proof that the 80% quality threshold and
dependent Quality Gates job completed successfully; do not mark the release
ready while any required gate remains unproven.

Sources: Coding guidelines, Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md`:
- Around line 125-150: Update the “Final Gate Evidence” section to record
passing artifacts for the required format, type-check, lint, full-coverage, and
strict OpenSpec validation gates, using the prescribed validation sequence.
Replace the 64.0% local-only and skipped CI evidence with proof that the 80%
quality threshold and dependent Quality Gates job completed successfully; do not
mark the release ready while any required gate remains unproven.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8d7c952c-e42c-45f2-949f-565bd9d22abc

📥 Commits

Reviewing files that changed from the base of the PR and between 8570d71 and d751a2d.

📒 Files selected for processing (11)
  • CHANGELOG.md
  • openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md
  • openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md
  • openspec/changes/openspec-01-intent-trace/specs/openspec-speckit-evidence-adapter/spec.md
  • pyproject.toml
  • setup.py
  • src/__init__.py
  • src/specfact_cli/__init__.py
  • src/specfact_cli/requirements/context.py
  • src/specfact_cli/requirements/importers.py
  • tests/unit/requirements/test_upstream_evidence_imports.py
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • nold-ai/specfact-cli-modules (manual) → reviewed against branch dev instead of the default branch
🚧 Files skipped from review as they are similar to previous changes (9)
  • pyproject.toml
  • src/init.py
  • src/specfact_cli/init.py
  • openspec/changes/openspec-01-intent-trace/specs/openspec-speckit-evidence-adapter/spec.md
  • CHANGELOG.md
  • src/specfact_cli/requirements/context.py
  • openspec/changes/openspec-01-intent-trace/CHANGE_VALIDATION.md
  • src/specfact_cli/requirements/importers.py
  • tests/unit/requirements/test_upstream_evidence_imports.py
📜 Review details
⏰ Context from checks skipped due to timeout. (12)
  • GitHub Check: Linting (ruff, pylint, safe-write guard)
  • GitHub Check: Runtime Discovery Smoke (macOS)
  • GitHub Check: Independent Static Analysis
  • GitHub Check: Tests (Python 3.12)
  • GitHub Check: CLI Command Validation
  • GitHub Check: Compatibility (Python 3.11)
  • GitHub Check: Compatibility (Python 3.11)
  • GitHub Check: Runtime Discovery Smoke (macOS)
  • GitHub Check: Linting (ruff, pylint, safe-write guard)
  • GitHub Check: Independent Static Analysis
  • GitHub Check: Tests (Python 3.12)
  • GitHub Check: Analyze (python)
🧰 Additional context used
📓 Path-based instructions (8)
**/*.py

📄 CodeRabbit inference engine (.cursor/rules/python-github-rules.mdc)

**/*.py: Maintain minimum 80% test coverage, with 100% coverage for critical paths in Python code
Use clear naming and self-documenting code, preferring clear names over comments
Ensure each function/class has a single clear purpose (Single Responsibility Principle)
Extract common patterns to avoid code duplication (DRY principle)
Apply SOLID object-oriented design principles in Python code
Use type hints everywhere in Python code and enable basedpyright strict mode
Use Pydantic models for data validation and serialization in Python
Use async/await for I/O operations in Python code
Use context managers for resource management in Python
Use dataclasses for simple data containers in Python
Enforce maximum line length of 120 characters in Python code
Use 4 spaces for indentation in Python code (no tabs)
Use 2 blank lines between classes and 1 blank line between methods in Python
Organize imports in order: Standard library → Third party → Local in Python files
Use snake_case for variables and functions in Python
Use PascalCase for class names in Python
Use UPPER_SNAKE_CASE for constants in Python
Use leading underscore (_) for private methods in Python classes
Use snake_case for Python file names
Enable basedpyright strict mode with strict type checking configuration in Python
Use Google-style docstrings for functions and classes in Python
Include comprehensive exception handling with specific exception types in Python code
Use logging with structured context (extra parameters) instead of print statements
Use retry logic with tenacity decorators (@retry) for operations that might fail
Use Pydantic BaseSettings for environment-based configuration in Python
Validate user input using Pydantic validators in Python models
Use @lru_cache and Redis-based caching for expensive calculations in Python
Run code formatting with Black (120 character line length) and isort in Python
Run type checking with basedpyright on all Python files
Run linting with ruff and pylint on all Pyth...

Files:

  • setup.py
{src/__init__.py,pyproject.toml,setup.py}

📄 CodeRabbit inference engine (.cursor/rules/python-github-rules.mdc)

{src/__init__.py,pyproject.toml,setup.py}: Update src/init.py first as primary source of truth for package version, then pyproject.toml and setup.py
Maintain version synchronization across src/init.py, pyproject.toml, and setup.py

Files:

  • setup.py
{pyproject.toml,setup.py,src/__init__.py}

📄 CodeRabbit inference engine (.cursor/rules/testing-and-build-guide.mdc)

Manually update version numbers in pyproject.toml, setup.py, and src/init.py when making a formal version change

Files:

  • setup.py
**/*.{py,pyi}

📄 CodeRabbit inference engine (.cursorrules)

**/*.{py,pyi}: After any code changes, follow these steps in order: (1) Apply linting and formatting to ensure code quality: hatch run format, (2) Type checking: hatch run type-check (basedpyright), (3) Contract-first approach: Run hatch run contract-test for contract validation, (4) Run full test suite: hatch test --cover -v, (5) Verify all tests pass and contracts are satisfied, (6) Fix any issues and repeat steps until all tests pass
All public APIs must have @icontract decorators and @beartype type checking
Use Pydantic models for all data structures with data validation
Only write high-value comments if at all. Avoid talking to the user through comments

Files:

  • setup.py
**/*.{md,mdc}

📄 CodeRabbit inference engine (.cursor/rules/markdown-rules.mdc)

**/*.{md,mdc}: Do not use more than one consecutive blank line anywhere in the document (MD012: No Multiple Consecutive Blank Lines)
Fenced code blocks should be surrounded by blank lines (MD031: Fenced Code Blocks)
Lists should be surrounded by blank lines (MD032: Lists)
Files must end with a single empty line (MD047: Files Must End With Single Newline)
Lines should not have trailing spaces (MD009: No Trailing Spaces)
Use asterisks (**) for strong emphasis, not underscores (__) (MD050: Strong Style)
Fenced code blocks must have a language specified (MD040: Fenced Code Language)
Headers should increment by one level at a time (MD001: Header Increment)
Headers should be surrounded by blank lines (MD022: Headers Should Be Surrounded By Blank Lines)
Only one top-level header (H1) is allowed per document (MD025: Single H1 Header)
Use consistent list markers, preferring dashes (-) for unordered lists (MD004: List Style)
Nested unordered list items should be indented consistently, typically by 2 spaces (MD007: Unordered List Indentation)
Use exactly one space after the list marker (e.g., -, *, +, 1.) (MD030: Spaces After List Markers)
Use incrementing numbers for ordered lists (MD029: Ordered List Item Prefix)
Enclose bare URLs in angle brackets or format them as links (MD034: Bare URLs)
Don't use spaces immediately inside code spans (MD038: Spaces Inside Code Spans)
Use consistent indentation (usually 2 or 4 spaces) throughout markdown files
Keep line length under 120 characters in markdown files
Use reference-style links for better readability in markdown files
Use a trailing slash for directory paths in markdown files
Ensure proper escaping of special characters in markdown files

Files:

  • openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md
**/*.md

📄 CodeRabbit inference engine (.cursorrules)

Avoid markdown linting errors (refer to markdown-rules)

Files:

  • openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md
openspec/changes/**/*.md

📄 CodeRabbit inference engine (.cursorrules)

For /opsx:archive (Archive change): Include module signing and cleanup in final tasks. Agents MUST run openspec archive <change-id> from repo root (no manual mv under openspec/changes/archive/)

Files:

  • openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md
openspec/**/*.md

⚙️ CodeRabbit configuration file

openspec/**/*.md: Treat as specification source of truth: proposal/tasks/spec deltas vs. code behavior,
CHANGE_ORDER consistency, and scenario coverage. Surface drift between OpenSpec and
implementation.

Files:

  • openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md
🔀 Multi-repo context nold-ai/specfact-cli-modules

Linked repositories findings

nold-ai/specfact-cli-modules

Inspected ref: refs/heads/dev.

  • packages/specfact-requirements/src/specfact_requirements/requirements/runtime.py:194 calls validate_requirement_context(bundle, profile=...) without project_root. This remains signature-compatible, but relative imported-source locators cannot be resolved from the project root through this runtime path. [::nold-ai/specfact-cli-modules::]
  • The runtime still exposes only file-based requirements import; no consumers of import_openspec_change or import_speckit_feature were found. [::nold-ai/specfact-cli-modules::]
  • No module command wiring for --from-openspec or --from-speckit is present on this ref; the module-side integration remains a follow-up dependency. [::nold-ai/specfact-cli-modules::]
  • Existing module validation tests cover the older runtime path but do not cover native OpenSpec/Spec Kit imports or the new import-gate diagnostics. [::nold-ai/specfact-cli-modules::]
🔇 Additional comments (3)
openspec/changes/openspec-01-intent-trace/TDD_EVIDENCE.md (2)

101-124: LGTM!


125-150: 🗄️ Data Integrity & Integration

Verify downstream module integration before claiming end-to-end delivery.

The linked module currently has no consumers for the new importers and no --from-openspec/--from-speckit command wiring. If this PR is expected to make the flow user-reachable, add an integration test and coordinate that dependency; otherwise document the deferred integration explicitly.

Source: Linked repositories

setup.py (1)

10-10: 🗄️ Data Integrity & Integration

Release-version entries are already in sync. setup.py, pyproject.toml, and src/__init__.py all declare 0.52.3.

			> Likely an incorrect or invalid review comment.

@djm81 djm81 merged commit b0f4404 into main Jul 14, 2026
63 checks passed
@github-project-automation github-project-automation Bot moved this from In Progress to Done in SpecFact CLI Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency resolution and management documentation Improvements or additions to documentation enhancement New feature or request

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

OpenSpec and Spec Kit Import-First Requirement Evidence

1 participant